Forum Replies Created

Viewing 7 replies - 1 through 7 (of 7 total)
  • If you want to bypass the domain validation, change the following line.

    File: wp-content/plugins/contact-form-7/includes/config-validator.php
    Change Line: 182

    return ( substr( $email, - strlen( $site_domain ) ) == $site_domain );

    to this

    return TRUE;

    I’ve modified the function test_email_in_site_domain to address the scenario I mentioned above.

    public function test_email_in_site_domain( $content ) {
    		if ( wpcf7_is_localhost() ) {
    			return true;
    		}
    
    		$site_domain = strtolower( $_SERVER['SERVER_NAME'] );
    
    		if ( substr( $site_domain, 0, 4 ) == 'www.' ) {
    			$site_domain = substr( $site_domain, 4 );
    		}
    
    		$content = trim( $content );
    
    		if ( preg_match( '/<(.+)>$/', $content, $matches ) ) {
    			$email = strtolower( $matches[1] );
    		} else {
    			$email = strtolower( $content );
    		}
    
    		$email_arr = explode( '@', $email ); /* separate email parts */
    
    		/* site domain must exist in email address AND string length of email must EQUAL string length of domain + left part of email + 1 (@) */
    		return ( ( substr( $email, - strlen( $site_domain ) ) == $site_domain ) && ( strlen($email) == (strlen($email_arr[0])) + strlen($site_domain) + 1 ) );
    	}

    When using third level domains, e.g. thirdlevel.toplevel.com, the domain validation does not work properly.

    The email domain validation logic only checks for a match within a string so when a substring returns a positive match, the validation passes when it should not.

    Test Case Scenario:
    WordPress Domain: blog.mywebsite.com
    Email: anything@adskfjhqdsjkfhakdsfhblog.mywebsite.com will pass domain validation which it shouldn’t.

    File: wp-content/plugins/contact-form-7/includes/config-validator.php
    Lines: 152 – 184

    public function test_email_in_site_domain( $content ) {
    		if ( wpcf7_is_localhost() ) {
    			return true;
    		}
    
    		$site_domain = strtolower( $_SERVER['SERVER_NAME'] );
    
    		if ( substr( $site_domain, 0, 4 ) == 'www.' ) {
    			$site_domain = substr( $site_domain, 4 );
    		}
    
    		$content = trim( $content );
    
    		if ( preg_match( '/<(.+)>$/', $content, $matches ) ) {
    			$email = strtolower( $matches[1] );
    		} else {
    			$email = strtolower( $content );
    		}
    
    		return ( substr( $email, - strlen( $site_domain ) ) == $site_domain );
    	}
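
Added example (not part of the original posts and not Contact Form 7's own code): the suffix comparison quoted above, the poster's length-based fix, and a label-boundary comparison, run side by side on the test case from the post. The function names, the `$allow_subdomains` option and the extra sample addresses are assumptions made for illustration.

```php
<?php
// Added example: three ways of testing that an address belongs to the site domain.
// Function names and sample inputs are constructed for illustration.

// Check as quoted in the post (line 182): plain suffix comparison.
function suffix_check( string $email, string $site_domain ): bool {
	return substr( $email, - strlen( $site_domain ) ) == $site_domain;
}

// Check from the poster's modified function: suffix plus exact-length test.
function length_check( string $email, string $site_domain ): bool {
	$email_arr = explode( '@', $email );
	return substr( $email, - strlen( $site_domain ) ) == $site_domain
		&& strlen( $email ) == strlen( $email_arr[0] ) + strlen( $site_domain ) + 1;
}

// Alternative (assumption): compare the host part on a label boundary,
// optionally accepting subdomains of the site domain.
function boundary_check( string $email, string $site_domain, bool $allow_subdomains = true ): bool {
	if ( substr_count( $email, '@' ) !== 1 ) {
		return false; // exactly one "@" is required
	}
	list( $local, $host ) = explode( '@', $email );
	if ( $local === '' || $host === '' ) {
		return false;
	}
	if ( $host === $site_domain ) {
		return true;
	}
	$suffix = '.' . $site_domain; // the leading dot enforces the label boundary
	return $allow_subdomains && substr( $host, - strlen( $suffix ) ) === $suffix;
}

$site_domain = 'blog.mywebsite.com'; // domain from the test case in the post
$samples = array(
	'anything@blog.mywebsite.com',                     // exact match
	'anything@adskfjhqdsjkfhakdsfhblog.mywebsite.com', // address from the post
	'anything@mail.blog.mywebsite.com',                // constructed: genuine subdomain
	'blog.mywebsite.com',                              // constructed: no "@" at all
);

foreach ( $samples as $email ) {
	printf( "%-50s suffix=%-5s length=%-5s boundary=%s\n", $email,
		var_export( suffix_check( $email, $site_domain ), true ),
		var_export( length_check( $email, $site_domain ), true ),
		var_export( boundary_check( $email, $site_domain ), true ) );
}
```

The two stricter checks differ only on the subdomain address: the length test rejects it, while the boundary test accepts it unless `$allow_subdomains` is set to false.
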

    Pro Licensed Version 1.7.
    I just updated the Free plugin and now I get this error:

    Plugin could not be activated because it triggered a fatal error.
    
    Fatal error: Cannot redeclare wsh_extract_exclusions() (previously declared in \htdocs\wp-content\plugins\raw-html-pro\include\tag-handler.php:19) in \htdocs\wp-content\plugins\raw-html\include\tag-handler.php on line 66

    Nevermind… I had to deactivate the Pro version and then re-activate only the Pro version.

    I’m using Version 3.1

    I updated to the latest version 3.4.1. I now notice that after I added CSS declaration .vye_links {display:none !important;}, there’s now an inline CSS for the vixy links <span style="" class="vye_links">.

    What’s the purpose of the inline CSS reset <span style="" class="vye_links">? All it did was reset any CSS overrides that would be used to remove your unwanted links. The links are back by default. I have to untick under profiles.

    It’s still perceived as blackhat / underhanded tactic to inject content. The links appear by default on the blog. Why force users to untick at all? The default should be unticked. If users want other products from you, they’d just visit your site. Having links that have no relevance to the subject matter degrades overall user-experience.
